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METHOD AND SYSTEM FOR SHARING DIFFERENT WEB 
COMPONENTS BETWEEN DIFFERENT WEB SITES IN A PORTAL 

FRAMEWORK 

BACKGROUND OF THE INVENTION 
Fieid of the Invention 

The present invention relates to a method, a system and a computer program 
product for providing a site as a collection of software web objects. More 
particularly, the present invention relates to a method, a system and a computer 
program product for providing a site as a collection of web objects that can be 
manipulated by a set of users having assigned privileges defined by permissions 
associated with each software web object in the collection of objects. 

Description of the Prior Art 

Traditionally, web sites have been considered to be all resource files 
organized and accessible from a given domain name associated with a system, such 
as a server. Typically, web sites have a common look, feel and navigational 
structure. Computer program code is implemented to provide the common look, 
feel and navigational structure of a web site. Portals have been implemented to 
provide a gate to access a plurality of web objects of a web site for simultaneous 
viewing on a display. Most companies and organizations provide different types of 



1 



OurRef.No. 19312.0020 



PATENT 



portals for a variety of purposes these include portals for the general public, intranet 
portals for their employees, as well as extranet portals for their customers, vendors, 
suppliers, and other parties with whom they transact business. 

The complexity and cost of developing, deploying, administering and 
continually enhancing portals, is tremendous. In developing, deploying and 
maintaining portals, it is often necessary to implement objects of a web site. 
Typically, developing, deploying, enhancing and maintaining portals, such as 
implementing web objects of a web site provided by a portal, requires the physical 
selection and transfer of files to systems desired to implement web objects of a web 
site in a portal. Alternatively, the entire web site must be archived in a file and 
transferred to a system in order to implement the web site. This type of 
development, deployment, and maintenance of portals is complex, costly and prone 
to error. Additionally, the process requires the manual transfer of code and libraries 
to a system. Lastly, aspects of a web site cannot be made available to an intended 
group of users for commercial use. Companies and organizations are forced to 
maintain staffs of highly skilled engineers and content developers, or to outsource 
these tasks. Meanwhile, Internet-related technologies are proliferating and 
maturing, and Internet users' expectations continue to increase. Maintaining an 
effective portal often competes with and detracts from the resources available for an 
organization's primary goals. 
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There is a need for a new method of administrating web objects on a portal 
framework as a collection of software objects. There is a need for a method of 
managing the software object employing a set of users granted privileges associated 
with respective objects in the collection of software objects. There is a need for a 
new method of sharing objects of web site with other web sites. There is a need for 
a new method of unsharing objects of a web site from other web sites. There is a 
need for a new method to add shared objects to a web site. 



SUMMARY OF THE INVENTION 

According to embodiments of the present invention, a method, a system and 
a computer program product for sharing an object in a portal framework are 
provided. Sites defined by a collection of software objects may be managed by a set 
of users granted privileges associated with respective objects in the collection of 
software objects. The sharing of objects may be executed by performing share type 
administrations. Objects may be shared directly to a site or may be shared 
indirectly made available for reuse by a site. The objects shared and made available 
for reuse may be added to the site to which they are shared and made available for 
reuse. References to objects are stored in repositories based on privileges associated 
with at least one of a repository, a site and a user. Objects made available for reuse 
by and shared to a site may be made unavailable for reuse by, and unshared to, the 
site through the execution of a share type administration. 
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A method of sharing an object in a portal framework includes storing a 
reference to the object in a first repository and performing a first operation to store a 
duplicate reference to the object in a second repository. The first operation is in 
accordance with a first privilege granted as defined by a permission. References to 
each child object or some child objects of the object in the second repository may 
also be stored in the second repository. 

In an embodiment of the present invention, the reference to an object is for 
an object of a first site. The performance of a second operation adds the object to a 
second site. The method further includes performing a third operation to remove 
the duplicate reference of the object from the second repository and the object from 
the second site. 

In an embodiment of the present invention, the method includes providing 
access to the duplicate reference of the object in the second repository. Access is 
provided in accordance with a second privilege granted as defined by a permission 
for the second repository. The method further includes performing a second 
operation to store a second duplicate of the reference to the object in a third 
repository. The performance of a third operation adds the object to a second site. 
The method further includes performing a fourth operation to remove the second 
duplicate of the reference of the object from the second repository and the object 
from the second site. 



OurRef.No. 19312.0020 



PATENT 



A computer program product for sharing an object in a portal framework 
includes a computer readable medium and computer program instructions, recorded 
on the computer readable medium, executable by a processor. The computer 
program instructions perform the steps of storing a reference to the object in a first 
repository and performing a first operation to store a duplicate of the reference to 
the object in a second repository. The first operation is in accordance with a first 
privilege granted as defined by a permission. 

A system for sharing an object in a portal framework includes a first 
repository operable to store a reference to the object and a second repository 
operable to store a duplicate of the reference to the object in response to a first 
operation. The first operation is in accordance with a first privilege granted as 
defined by a permission. 



BRIEF DESCRIPTION OF THE DRAWINGS 

The above described features and advantages of the present invention will be 
fully appreciated with reference to the detailed description and appended figures in 
which: 

Fig. 1 depicts a functional block diagram of an embodiment of a framework 
in which the present invention can find application; 
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Fig. 2 depicts a functional block diagram of a system depicted in the 
framework of Fig. 1; 

Fig. 3a depicts a functional block diagram of a system depicted in the 
framework of Fig 1; 

Fig. 3b depicts a functional block diagram of a system depicted in the 
framework of Fig 1; 

Fig. 4 depicts a functional block diagram of a system depicted in the 
framework of Fig. 1; 

Fig. 5a illustrates an exemplary repository framework for storing a collection 
of references to a collection of objects of sites in Framework 100 according to an 
embodiment of the present invention; 

Fig. 5b illustrates exemplary rules governing setting of default values for 
permissions of objects in sites of framework in Fig. 1; 

Fig. 5c is an exemplary diagram explaining the application of the non-site 
administration rule; 

Fig. 6 illustrates an exemplary embodiment of a site hierarchy implemented 
by the present invention; 

Fig. 7 depicts an exemplary form for setting primary site values according to 
an embodiment of the present invention; 
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Fig. 8 illustrates an exemplary embodiment of object reuse between 
repositories in Framework 500, implemented by the present invention; 

Fig. 9 is an exemplary table illustrating objects and the objects they may 
reference and use; 

Fig. 10 is an exemplary embodiment of multi-level navigational horizontal 
configuration; 

Fig. 1 1 is an exemplary embodiment of multi-level navigational horizontal 
and vertical configuration; 

Fig. 12 is an exemplary diagram illustrating a deployment management 
framework for importing and exporting components of a site for between portals 
employed by Framework 100; 

Fig. 13 depicts an exemplary collection of extensible markup language and 
the file assets stored as individual export files; 

Fig. 14 illustrates menu items of menus with link titles for menu items 
definitions; 

Fig. 15 illustrates a segment of a site navigation captured as a menu object; 
Fig. 16a illustrates a table for implementing the combined algorithm; 
Fig. 16b illustrates a table for implementing the exclusive algorithm; 
Fig. 17 depicts an exemplary embodiment of a top level locking interface; 
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Fig. 18 depicts an exemplary embodiment of a front door page of an end user 
site employing menuing structures according to the present invention; 

Fig. 19 depicts the rules determining the operation of the control menu 
system and a site navigation system according to an embodiment of the present 
invention; and 

Figs. 20a-20b are exemplary illustrations of consoles according to an 
embodiment of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 

The present invention is now described fully hereinafter with reference to the 
accompanying drawings showing embodiments of the present invention. The 
present invention, however, may be embodied in many different forms and should 
not be construed as limited to embodiments set forth herein. Appropriately, these 
embodiments are provided so that this disclosure will be thorough and complete, 
and will fully convey the scope of the present invention. 

OVERALL FRAMEWORK 

Fig. 1 depicts a functional block diagram of a framework in which the 
present invention can find application. In the embodiment of Fig. 1, Framework 
100 may be implemented to provide for the administration of sites on Framework 
100 as a collection of software objects that may be managed by a set of users 
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granted privileges associated with respective objects in the collection of software 
objects. Framework 100 may employ and maintain portals to provide gateways for 
access to objects of a site. Framework 100 may be implemented to perform 
administration such as importing and exporting components of a site between 
portals on Framework 100, sharing objects between sites on Framework 100 and 
granting privileges associated with objects to users of Framework 100. 

A console may be employed to perform administration on a site of 
Framework 100. A console may be a graphical user interface of an administration 
site provided to an administrator to perform administration on objects in Framework 
100. For example, a server console is a graphical user interface of a server 
administration site operable to perform administration on all objects in Framework 
100. Alternatively, a site console is a graphical user interface of an administration 
site provided to an administrator to perform administration on objects of one or 
more sites. Access to a given site console of an administration site may be 
governed by privileges defined by permissions, such as "can access site 
administrator context" permission for the site. Likewise, access to a given server 
console for an administration site be governed by privileges defined by permissions, 
such as "can access system administrator context" permission for the administration 
site. Access to an administration site may be provided by employing a link that 
appears to a user upon authentication of the user. A user with privileges to both a 
site console and server console may switch between consoles. 
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A site is considered, for the purposes of the present invention, to be a 
collection of software objects given a single identity. The single identity may be 
characterized by a shared look-and-feel, a shared set of navigation links, and 
members of a group who are automatically granted privileges to perform 
administration on at least some of the software objects in the collection as well as 
elements of the site. The collection of software objects in a site includes non-file 
assets such as users, groups, modules, module types, pages, menus, themes, 
structures, styles and templates. Detailed descriptions of each software object in the 
collection are provided in U.S. Patent 6,327,628 herein incorporated by reference. 

Elements of a site include, but are not limited to, logon permissions, 
administrative permissions, site branding, site content and site navigation. 
Components of a site include file assets and non-file assets. File assets include 
resources such as code including JSP pages, ASP pages, Java classes and or object 
oriented programming language classes, and images including GIF files, etc. stored 
as a file on a file system and implemented to provide a site. Non-file assets include, 
but are not limited to, instantiated programming language objects stored in a 
database, such as described above (as opposed to static class files), and in addition 
to permissions, user preferences and settings. 

A software object may represent an actor within an overall system design. 
Such actors may correspond to real-world concepts, or may exist purely to support 
the overall design. Software objects encapsulate the data and logical processes of 
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the actor. This encapsulation makes software objects easy to use, because the user 
of a software object need not know how the software object performs its processes. 
Software objects are also extensible, where other software objects can be built on 
top of existing software objects, allowing the new software object to expand the 
concept of the old software object without having to rewrite the functionality of the 
old software object. These properties of software objects make object-oriented 
systems flexible and extensible. 

An object model, such as an XML object model representation of web sites, 
includes a collection of software objects that work together in documented 
relationships. Framework 100 employs an object-oriented system built on such an 
object model. Each software object in Framework 100 is implemented employing a 
set of classes that define the behavior and characteristics of the software object 
when instantiated. 

In an embodiment of the present invention, logon permissions define the 
ability of a user to access a respective site. Administrative permissions define the 
ability of a user to perform administration on a respective site. Site branding defines 
the look-and-feel of a respective site. Site content includes objects in a collection of 
software objects available within a respective site. Site navigation defines the 
mechanism for moving between different areas of a site. Users may have privileges 
with respect to objects and elements in order to perform administration on the 
objects and elements of a site on framework 100. 
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In the Fig. 1 embodiment of the present invention, framework 100 includes 
systems 102, systems 106, systems 108 and network 104. Framework 100 may 
transmit using network 104, any combination of voice, video and/or data between 
devices. One having ordinary skill in the art would recognize that Framework 100 
is highly scaleable where any number of systems 102, systems 106 and systems 108 
may be implemented to perform the functions of the present invention. 

Each system 102 couples to systems 110 employing network 104. Systems 
102 may be any apparatus from which, and to which, any combination of voice 
video and/or data may be transmitted over a network 104, such as the Internet, 
Intranet or an extranet. Systems 102 may be used to provide for the administration 
of sites on framework 100 as a collection of software objects that can be 
manipulated by a set of users having assigned privileges defined by permissions 
associated with each software object in the collection of software objects, share 
objects between sites and automatically grant privileges associated with objects to 
users. 

Each system 110 couples to a system 106 employing suitable communication 
means. Each system 110 may be any apparatus from which, and to which, any 
combination of voice video and/or data may be transmitted over a network 104, 
such as the Internet or an extranet. In a preferred embodiment of the present 
invention, the system 110 is a web server. System 110 manages web page requests 



12 



OurRef.No. 19312.0020 



PATENT 



from system 102 and delivers HTML documents (Web pages) in response to the 
requests from system 106. 

Each system 110 couples to a system 106 employing suitable communication 
means. Each system 106 may be any apparatus from which, and to which, any 
combination of voice video and/or data may be transmitted over a network 104, 
such as the Internet or an extranet. In a preferred embodiment of the present 
invention, the system 106 is an application server. A set of systems 106 may be 
operable to implement the functions of the present invention. The presentation of 
web site and administration of sites objects are implemented by system 106 
employing software services that are provided by software and suitable class 
libraries that connect to other systems as needed. System 106 may provide 
processing between system 102 and system 108, such as delivery of information as 
well as processing information for users of system 102. Processing by system 106 
may be performed by Java servlets, JavaServer Pages (JSPs), Enterprise JavaBeans 
(EJBs), Active Server Pages (ASPs) and ActiveX controls. The system 1 10 and 
system 106 can be one in the same computer system or separate computer system. 

Each system 108 couples to a system 106 employing suitable communication 
means. Each system 108 may be any apparatus that executes program instruction in 
accordance with the present invention to store data and provide software object 
persistence via a suitable database interface. In addition, system 108 may directly 
transfer information to system 110 or through system 106 in response to a request 
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for information as well as transfer information to user system 102 in response to a 
request made to system 1 10 by user system 102 over network 104. 

Network 104 may be a local area network, a wide area network, the Internet, 
an extranet, a wireless network, or the like. The network 104 may transfer 
information between system 102 and system 106, system 108 and system 110. The 
information transferred may include any combination of voice, video and/or data. 
Network 104 can be implemented as a wireless network or a wired network. 

User groups of Framework 100 include, but are not limited to, an everyone 
group, user group, new user group, site administration group, shared group, Normal 
Groups, Guest Group, Registered Users Group, and Self Registered Users Groups. 
Groups define the characteristics of user members based on privileges granted to the 
groups to perform administration. The privileges granted to users and groups are 
defined by values assigned to permissions settings based on, in part, an occurrence 
of a type of administration in Framework 100. The values assigned to permissions 
may be set automatically as the result of a type of administration or operation by a 
type of administration operation. 

An everyone group may be a virtual system group. It may contain every 
user in Framework 100, including guests. The everyone group is a special 
conceptual group which allows batch permissions to be set for all groups 
implemented as a flag that lives on every permission which short-circuits the group- 
based permissions lookup. The Site Administration group may be automatically 
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created for a site whenever a user creates the site. A site administration group may 
contain users granted privileges to perform administration on the site. Site 
administration groups may be stored in a special table in a system, such as system 
108. 

A User group may include users granted privileges to perform administration 
on an object of a site. A shared group may include members of a group available for 
sharing by a site. Members of the share group may access a site when granted 
privileges to access the site. A guest group may be a virtual group of users who are 
not registered with a site in a site context, or with any site in a system context. The 
members of the guest group may be granted privileges with respects to a site. 
Access to a site by members of the guest group may require the site to allow access 
by guest users. A new user group may be a new user assigned to a newly created 
site. 

Registered users group may be a virtual group of users who are accessing a 
site in a site context, or a site in a system context, in accordance with privileges 
granted to access the site. The members of the registered user group may be 
granted privileges with respect to a site. Access to the site by members of a 
registered user group may require the site to allow access by guest users. A self 
registered users group may be a virtual group of users who are accessing a site in a 
site context, or a site in a system context, in accordance with privileges granted by 
the site. The members of the registered user group may be granted privileges with 
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respects to a site. Access to the site by members of a registered user group may 
require the site to allow self-registration by users. Normal group may be a group 
created by an administrator and given privileges as defined by the administrator for 
that group. 

Framework 100 users include administrators, delegated administrators and 
end-users. Administrators include server administrators and site administrators. 
Server administrators are installation-level users who may have privileges over all 
aspects of an installation. Server administrator may have privileges over all objects 
in Framework 100 in accordance with permission settings. Server administrators 
may have privileges over objects of a site in accordance with privileges granted to 
the server administrator by membership within groups on Framework 100. 
Privileges granted server administrators may include administration of objects on a 
system and objects on sites. Administration may include, but is not limited to, 
deploying a site, locking down elements, creating sites anywhere in Framework 
100, granting and revoking privileges to users for performing administration, 
configuring privileges for sites, logging on to end-user sites, mapping created sites 
to URL, modifying systems properties, site branding and sharing objects between 
sites. Administration by a server administrator may be performed in a system 
context from a server console accessible in accordance with privileges granted the 
server administrator and in a site context from a site console accessible in 
accordance with privileges granted the server administrator. 
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Site administrators may have privileges over at least some objects in 
Framework 100 in accordance with permission settings. Site administrators may 
have privileges over objects in a site in accordance with privileges granted the site 
administrators by membership in a site administration group. Privileges granted to 
site administrators may include administration of objects on a site. Privileges may 
be granted by configuring the permissions of a child site by a site administrator of a 
parent site to the child site, or directly by a server administrator employing a server 
console. Alternatively, site administrators may be granted privileges by configuring 
permissions for a site by a server administrator employing a server console. 
Privileges granted to a site administrator may include, but is not limited to, 
deploying sites, creating sub-sites of a site, accessing objects on Framework 100 for 
sites and sub-sites, managing the look, feel, membership and navigational structure 
of sites and sub-sites, modifying branding of sites and sub-sites, sharing objects 
with sites, overriding default site settings, previewing sites and performing user 
searches. A site administrator exists as long as the respective site there is a site 
administrator for exists. 

Delegated administrators include delegated server administrators and 
delegated site administrators. Delegated Server Administrators may be granted 
privileges over at least some of the object in framework 100 in accordance with 
permission settings. Delegated Server administrators may be granted at least some 
of the privileges of a server administrator over objects by a server administrator. 
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Administration by a delegated server administrator may be performed in a system 
context from a server console accessible in accordance with privileges granted the 
server administrator and in a site context from a site console accessible in 
accordance with privileges granted by the server administrator. 

Delegated site administrators may be granted at least some of the privileges 
over at least some of the objects in Framework 100 in accordance with permission 
settings. Delegated site administrators may be granted at least some of the 
privileges of a site administrator over objects by the site administrator. 
Administration by a delegated site administrator may be performed in a site context 
from a site console accessible in accordance with privileges granted by the site 
administrator. 

End-users include guest users and registered users. Guest users may be users 
not registered with a site, such as users without a password or login Id. A guest user 
may access sites allowing access by guest users. Registered users include users who 
have performed registration in order to receive a login Id and password for a site 
allowing self-registration by users. Registered user may access sites they are 
registered with as well as other sites allowing self-registration by users. 

Permissions that may be configured by setting permission values to grant 
privileges include system permissions, site permissions, end-user permissions and 
object permissions. Permissions values may be set automatically, in response to the 
occurrence of a type of administration, and explicitly, by a type of administration. 
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Systems permissions are granted in a system context. Systems permissions values 
may be set for a system to grant at least some privileges of a server administrator 
over the system to delegated server administrator. Privileges granted to delegated 
server administrators by setting systems permissions values may be performed by 
the delegated server administrator from a server console. System permissions 
includes can create ungrouped users permissions and can edit/delete ungrouped 
users permissions. 

Site permissions are granted to site administrator in a site context. Site 
permissions may be set for a site to grant privileges to site administrators over the 
site. The site administrator may then delegate their privileges to groups within a 
respective site associated with the site administrator from the site console for the 
site. Privileges granted to a site administrator, by setting site permissions for a site, 
may be performed by the site administrator from the site console for the site. Site 
permissions include can add to site and can share to site. 

Component (object) administration permissions are granted to administrators 
in a system context. In an embodiment of the present invention, object 
administrative permissions may be set for an object to grant privileges to a 
delegated administrator, such as a delegated site administrator, over the object from 
a server console and a site console. Privileges granted to delegated administrators 
by setting objects administrative permissions from the server console may be 
performed from a server console and any site console by the delegated 
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administrators. Privileges granted to delegated administrators by setting objects 
administrative permissions from the site console may be performed from a server 
console and a site console of a site by the delegated administrator. 

End User Permissions may define tasks performable by end-users. End user 
permissions values may be configured by administrators, such as server and site. 
End User permissions values configured in the site context apply to a site. End 
User permissions values set in the system context for objects apply to all sites that 
employ the object. End user permissions include module enabled, module editable, 
module minimizable and menu enabled. End user permission may define tasks 
performable by groups. An end user permission for a group set from the system 
context applies to the group in all sites in the system. For example, a site will have 
no control over user access to a module with module enabled permission for the 
everyone group set. 

Fig. 2 is a block diagram illustration of end user systems 102. The end user 
systems 102 may include CPU 202, connected by a bus or other suitable interface 
means to system memory 208. The user system 102 can also include input/output 
device interface, and display interface 204. Input/output device interface 204 
enables interaction with and execution of instruction by user system 102 as directed 
by a user. Display interface can display information generated for output by user 
system 102 as provided by system 106. As shown, the various components of the 
user system 102 communicate through bus 218 or similar architecture. 
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Accordingly, systems memory 208 is disposed in communication with CPU 202 
through bus 218. Systems memory 208 includes Browser Program 212, operating 
system 214 and data 216. 

Operating system 214 provides overall system functionality. Browser 
program 212 implements computer program instructions executed by CPU 202. 
The browser program 212 enables the information transmitted from system 106 to 
be conveyed to a user in a manner that can be understood by a user of user system 
102. The browser program 212 serves as a front end to the World Wide Web on the 
Internet. The browser program 212 may be used to display interfaces, such as 
consoles to perform administration on sites of framework 100 over network 104. 

Fig. 3a is an exemplary block diagram of system 110 illustrated in Fig. 1, in 
which the present invention may be implemented. System 110 manages web page 
requests from system 102 and delivers HTML documents (Web pages) in response 
to the requests from system 106. System 110 includes a processor (CPU) 326 
connected by a bus 340 to memory 332, network interface 320 and I/O circuitry 
324. 

In the Fig. 3a embodiment, CPU 326 is a microprocessor, such as an INTEL 
PENTIUM® or AMD® processor, but may be any processor that executes program 
instructions in order to carry out the functions of the present invention. As shown, 
CPU 326 and the various other components of the system 110 communicate through 
a system bus 340 or similar architecture. Network interface 320 provides an 
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interface between system 110 and a network 104, such as the Internet. The network 
104 may be a local area network (LAN), a wide area network (WAN), or 
combinations thereof. I/O circuitry 304 provides an interface for the input of 
structured information to and output of structured information from system 110. 
I/O circuitry 304 includes input devices, such as trackball, mice, touchpads and 
keyboards, and output devices, such as printers and monitors. 

In the Fig. 3a embodiment, memory 332 stores operating system 338, web 
server software 336 and data 334. Operating system 338 provides overall system 
functionality. Data 334 may be any structured data required by system 110. Web 
server software 336 performs the functions for managing the delivery of web pages. 

Fig. 3b is an exemplary block diagram of system 106 illustrated in Fig. 1, in 
which the present invention may be implemented. System 106 performs the 
functions for administration of sites on framework 100 as a collection of software 
objects that can be manipulated by a set of users having assigned privileges. 
System 106 includes a processor (CPU) 302 connected by a bus 318 to memory 
308, network interface 310 and I/O circuitry 304. 

In the Fig. 3b embodiment, CPU 302 is a microprocessor, such as an INTEL 
PENTIUM® or AMD® processor, but may be any processor that executes program 
instructions in order to carry out the functions of the present invention. As shown, 
CPU 302 and the various other components of the system 106 communicate through 
a system bus 318 or similar architecture. Network interface 310 provides an 
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interface between system 106 and a network 104, such as the Internet. The network 
104 may be a local area network (LAN), a wide area network (WAN), or 
combinations thereof. I/O circuitry 304 provides an interface for the input of 
structured information to and output of structured information from system 106. 
I/O circuitry 304 includes input devices, such as trackball, mice, touchpads and 
keyboards, and output devices, such as printers and monitors. 

In the Fig. 3b embodiment, memory 308 stores site administration software 
314, operating system 316, data 312, application server software 320 and Java 
virtual machine 322. Operating system 316 provides overall system functionality. 
Data 312 may be any structured data required by system 106, such as asset files and 
non-asset files. Site administration software 314 includes modular applications that 
run within sites. Administration software 314 provides the functionality for 
providing and managing of sites on framework 100 as a collection of web objects 
that can be manipulated by a set of users having assigned privileges defined by 
permissions associated with each object in the collection of objects. The java 
virtual machine 322 converts the Java intermediate language (bytecode) into 
machine language and executes it. Application server software 322 performs the 
functions for processing between system 102 and system 108 

Fig. 4 is an exemplary block diagram of system 108 illustrated in Fig. 1, in 
which the present invention may be implemented. System 108 may be a database 
management system that includes data for retrieval by system 106 and employed by 

23 



OurRef.No. 19312.0020 



PATENT 



Framework 100 to perform the functions associated with the present invention. In 
the Fig. 4 embodiment, system 108 is a general purpose computer, such as a 
workstation, personal computer, server or the like, but may be any apparatus that 
executes program instruction in accordance with the present invention. System 108 
includes a processor (CPU) 402 connected by a bus 418 to memory 408, network 
interface 410 and I/O circuitry 404. 

In the Fig. 4 embodiment, CPU 402 is a microprocessor, such as an INTEL 
PENTIUM® or AMD® processor, but may be any processor that executes program 
instructions in order to carry out the functions of the present invention. As shown, 
CPU 402 and the various other components of the server 108 communicate through 
a system bus 418 or similar architecture. Network interface 410 provides an 
interface between system 108 and a network 104, such as the Internet. The network 
104 may be a local area network (LAN), a wide area network (WAN), or 
combinations thereof. I/O circuitry provides an interface for the input of structured 
information to and output of structured information from system 108. I/O circuitry 
404 includes input devices, such as trackball, mice, touchpads and keyboards, and 
output devices, such as printers and monitors. 

In the FIG. 4 embodiment, memory 408 stores data 416, such a file asset and 
non-file assets employed by Framework 100. Memory 408 includes routines, such 
as database management routines 412, and operating system 414. Memory 408 
includes memory devices, such as read only memory (ROM), random access 
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memory (RAM) hard disks, CD-ROMs, floppy disks, optical storage devices, 
magnetic storage devices, etc. 

REPOSITORY FRAMEWORK 

Fig. 5a illustrates an exemplary repository framework for storing a collection 
of references associated with a collection of objects in Framework 100 for sites 
according to an embodiment of the present invention. In the Fig. 5a embodiment of 
the present invention, the repository framework 500 may be implement to perform a 
sharing type of administration. A sharing type of administration makes an object in 
Framework 100 available for reuse by a site, directly or indirectly, by storing 
duplicates to a reference to the object in one or more repository. In the Fig. 5 
embodiment, repository framework 500 includes site repositories 506, a system 
repository 508 and a shared repository 510. A combination of at least two 
repositories in framework 500 may be employed to perform a sharing type of 
administration. A reference to an object in Framework 100 may be stored in any 
number of repositories in repository framework 500 or in no repositories at all. 

In the Fig. 5a embodiment of the present invention, a site repository 506 
stores a collection of references to a collection of objects for a site. The collection 
of objects may be stored in a system, such as 108. Each site in Framework 100 has 
an associated site repository. References to objects may be stored in a site 
repository based on privileges granted with respect to the site associated with the 
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site repository. For example, a site desiring to perform a share type administration 
must have privileges over the site where a reference to an object is to be stored. 

A site repository provides partitioning of referenced objects in Framework 
100 based on sites and constrains viewing of referenced objects stored in a site 
repository to a set of users, such as site administrators. This type partitioning 
provides a security model that facilitates the creation of unique sites. Storage of 
duplicate references to objects in a site repository 506 makes the object available 
for reuse by a site associated with the site repository 506. For example, a site A 
will be able to use objects in a repository for site A and a site B will be able to use 
objects in a repository for site B. Each object available for reuse in a site repository 
may be provided with permissions to define privileges for the object. 

A site administrator for a site may be automatically granted privileges over 
objects referenced in a site repository for the site. In the Fig. 5a embodiment of the 
present invention, the set of privileges includes viewing and modifying the 
references to objects in the site repository 500 for a site. Modification of objects 
referenced in a site repository 500 for a site may include adding and removing the 
references to objects in the collection of software objects stored in the site 
repository. 

In the Fig. 5a embodiment of the present invention, the reference to objects 
stored in a site repository 506 may include references to groups. Each reference to 
a group may allow for access to individual users in the group. Each group may be 
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granted privileges to create, edit and delete ungrouped users. An Ungrouped user is 
a user not yet assigned to group. The ungrouped user may or may not have 
privileges associated with other groups. System permissions, such as can create 
ungrouped users and can edit/delete ungrouped users, define groups privileges to 
create, edit and delete ungrouped users. The storage of references to groups in a site 
repository makes the groups and the respective users in the group available for 
functions done in the context of the site for the site repository. In an embodiment of 
the present invention, users may not be shared between site repositories. 

In the Fig. 5a embodiment of the present invention, a system repository 508 
is a view of a collection references to objects on Framework 100. The references to 
objects provided in a view of a system repository 508 is based on privileges granted 
to a user to access objects in Framework 100. The reference to objects provided in 
the view may be further based on system repository privileges, such as can see 
system repository privileges and can see system administration context privileges, 
granted to the user with respect to accessing the system repository. The values of 
permissions, such as can see system repository and can see system administration 
context, define the system repository privileges. 

In the Fig. 5a embodiment of the present invention, a shared repository 510 
stores a collection of references to a collection of objects on Framework 100 that 
are available for reuse by sites on Framework 100. Each site in Framework 100 has 
a section in a shared repository 510 as illustrated in Fig 5b and discussed further 
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herein below. The storage of references to objects in a shared repository may 
require designation of the section of the shared repository for a site. The references 
to objects stored in a section of shared repository for a site are the objects available 
for reuse by the site. An object may be referenced in a share repository a number of 

5 times, such as once in a section for each site, on Framework 100 in the shared 
repository. For example, module B is stored once in a site A section, a site B 
section, and an All Sites section of a shared repository. In the Fig. 5a embodiment 
of the present invention, references to objects will be stored in a shared repository 
as read-only by default in both a site context and system wide context. Site 

10 Administrators of a site may be granted privileges to modify the read-only status of 
references to objects in a section of a shared repository for the site. 



In an embodiment of the present invention, references to objects may be 
y stored in a section of a shared repository for a particular site by users having 

visibility privileges for the site and can share into shared repository privileges for 
15 the system. These privileges may be granted by setting appropriate permissions 
values for the user. In order to share objects to an All Sites section of a shared 
repository can share to all sites privileges may be required by users sharing the 
objects. All sites privileges may be granted to users by setting all sites system 
permissions for the users. 

20 References to objects stored in a shared repository may be viewed by a set of 

users. In an embodiment of the present invention, references to objects stored in a 
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shared repository may be viewed by a set of users in a site context and a system 
context. References to objects viewed from a site context and system context may 
be references to objects in a section of a shared repository for the site. A set of 
users having can see shared repository privileges for a particular site may view the 
reference to objects in the section of a shared repository for the site. The set of users 
may be granted these privileges by setting can see shared repository permissions for 
the set of users. In an embodiment of the present invention, references to objects 
viewed from a system context. References to objects viewed from a system context 
may be references to objects in a shared repository. A set of users having system 
wide can see shared repository privileges may view objects in a section of a shared 
repository for the site. These privileges may be granted to the set of users by setting 
system wide can see shared repository permissions. 

In an embodiment of the present invention, an unsharing type of 
administration removes an object in Framework 100 from a site by removing a 
reference to the object. An object may be removed from a site by removing the 
reference to the object from a repository. This type of unsharing applies to the site 
that the objects were intended to be shared with by the user. For example, if an 
object was shared to a site B by a site A and shared by site B to a site C, unsharing 
by site A only affects site B and not site C. In order for the object to be unshared to 
site C, site B will have to unshare the object. Objects may be unshared with all sites 
by deleting the objects from the Framework 100. 
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AUTOMATIC PERMISSIONING FRAMEWORK 

Permissions to define privileges associated with objects may be set with 
default values in Framework 100. Default values automatically grant privileges with 
respects to objects. Fig. 5b illustrates exemplary rules governing setting of default 
values for permissions of objects. In an embodiment of the present invention, the 
rules governing setting of default values for permissions of objects apply all the 
time. They are not mutually exclusive. The default values may be overridden after 
creation in a site context or system context. Automatic permissions prevent objects 
from being orphaned the moment they are created, provide creators of objects 
access rights to the objects, allow a peer group of a set of users to also have access 
rights over the object, allow a set of users to perform administration on that object 
other than the creator and reduces administration duties. 

Privileges may be granted automatically to users and groups in Framework 
100 in order to perform various types of administration. The automatic grant of 
privileges is governed by rules implemented by Framework 100. In an embodiment 
of the present invention, the rules implemented by Framework 100 define values 
automatically assigned to permission values based on, in part, an occurrence of a 
type of administration in Framework 100. The values automatically assigned to 
permission can be overridden at the site level provided a set of users have the 
privileges to modify the system properties in a site context. 
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The rules governing the automatic privileges include object type create, site 
transfer, site administration group, non-site administration group and delegated 
administration. In the embodiment of the present invention, the object type create 
rule pertains to the creation of a new object on systems level and applies to users 
having system level permission to create that particular type of object. In an 
embodiment of the present invention, the object type create rule pertains to the 
creation of a new object on a site level and applies to users having permission in a 
site to create that particular type of object. 

The site transfer rule defines the transfer of objects to a site repository. In an 
embodiment of the present invention, the site transfer rule precludes the storing of 
references to objects to a site repository by users without n can add to this site" 
permission for a site associated with the site repository. In an embodiment of the 
present invention, the site transfer rule precludes sharing objects to a site repository 
by users without "can share to site" permission for the site associated with the site 
repository. Sharing objects may include performing a share type administration to 
store a reference to an object in a respective repository. In an embodiment of the 
present invention, the site transfer rule precludes sharing objects to a system 
repository by users without site-level "can share to server" permission. 

The site administration rule defines permission value settings for object to 
specify the scope of administrative privileges automatically provided to an 
administration group. In an embodiment of the present invention, a site 
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administrator group is granted full administrative privileges over objects created for 
a site. This rule enables a user assigned to the administration group for a site to 
maintain strict control over the site as well as prevents the creation of objects by 
users other than users assigned to the administration group which may be then left 
the responsibility of the users in the administration group. 

The non-site administration rule defines the scope of administration 
privileges provided to a group as a result of object creation. A user may be 
included in a set of groups with can create privileges. In an embodiment of the 
present invention, a non-site administration group is granted full administrative 
privileges over objects created by a user in the non-site administration group and 
granted can create privileges by the non-site administration group. In an 
embodiment of the present invention, a non-site administration group is selected to 
be granted full administrative privileges over objects created by a user in groups 
which include the non-site administration group and granted can create privileges 
by the non-site administration group. 

Fig. 5c is an exemplary diagram explaining the application of the non-site 
administration rule. The non-site administration rule applies when a user having 
can create privileges creates an object in a site. In an embodiment of the present 
invention, a user having can create privileges due to membership in a single group 
will result in the single group having full privileges over objects created by the 
users. In an embodiment of the present invention, a user having can create 
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privileges due to membership in more than one group will result in one of the 
groups having foil privileges over objects created by the user. The group having 
full privileges is selected by the user. In an embodiment of the present invention, a 
user having can create privileges due to membership in more than one group, 
including a site administration group, will result in the site administration group and 
another one of the group having full privileges over objects created by the user. 
The group other than the site administration group having foil privilege is selected 
by the user. 

In the embodiment of Fig. 5c, column 510 is a list of groups having "can 
create z" permission for a site Y. Each cell in columns 512-520 specifies the groups 
that users 1- user 5 have membership. In the examples shown in Fig. 5c, User 1 is a 
member of the site Y Administrator Group. The site Y Administrator Group is 
automatically given full administrator permission over Z without prompting user 1 
to select the group. User 2 is a member of both Group A and the site Y 
Administration Group. Group A is selected to grant full administration privileges 
over Z with prompting to user 2. The site Y Administration Group is automatically 
granted full administrative privileges over Z without prompting user 2. User 3 is 
the similar to User 2 except that the user may select more than one group to grant 
foil administration privileges over Z. User 4 is similar to User 1 in that the site 
administrator group is automatically granted foil administrative privileges over Z 
without prompting user 4, while Group A is selected to grant foil administrative 
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privileges over Z with prompting to user 4. User 5 is similar to User 3 except that 
the user is prompted to select 1 or more groups. 

The delegated administration rule requires that an object created by a 
delegated administrator in a system context designates at lease one group having 
can create privileges for the object to receive full administrative permission over the 
object 

FRAMEWORK ADMINISTRATION 

Administration of sites may be implemented by site administration software 
314. Administration may include, but is not limited to, deploying a site, locking 
down elements, creating sites anywhere in Framework 100, granting and revoking 
privileges to users for performing administration, configuring privileges for sites, 
mapping created sites to URL, modifying systems properties, site branding, sharing 
objects between sites and deploying components between portals. The 
administration of sites may be performed in a site context and a system context. 
Administrative users and delegated administrative users having both administrative 
visible privileges for a site and can access site administration context privileges for 
the site may perform administration in a site context. The Administrative users and 
delegated administrative users may be granted these privileges through the setting 
of administrative visible permissions for a site and can access administration 
context permissions for the site. 
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Administrative users and delegated administrative users having both can see 
system repository privileges and can access system-wide administration context 
privileges may perform administration in a system-wide context. The 
Administrative users and delegated administrative users may be granted these 
5 privileges through the setting of can see system repository permissions and can 
access system administration context permissions. The Administrative users and 
delegated administrative users may perform administration on all objects in 
Framework 100 based on privileges automatically granted, such as server 
administrators, or by delegation, such as delegated administrators. Administration 
10 may be performed on a site context to system properties having default values. 

The creating site administration type may include creating sites. Sites may 
be created on Framework 100 in a bulk automated fashion and a manually piece by 
piece fashion. The number of sites that may be created is unlimited. Additionally, 
sites may be created where sites are organized in a tree structure forming a site 
15 hierarchy. Created sites may be viewed and maintained by users granted privilege 
to view and/or maintain created sites. Privileges may be granted to users 
automatically or by delegation. 

Sites may be created on Framework 100 in a bulk automated fashion and a 
manual piece by piece fashion. Bulk site-creation may be performed by employing 
20 an XML-based Sites Installation Utility. Bulk site-creation may be performed at an 
initial installation of the present invention or at a special post-installation of the 
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present invention. Installation of the present invention may be performed without 
restarting systems of Framework 100 based on the types of elements, such as new 
module types and users contained within added sites. Software installer and 
individual module installers enable the addition and update of sites without 
5 restarting the software instance. This bulk mechanism shall work across clustered 
installations. 

Manual Site creation may be performed by a set of users as defined by 
privilege granted automatically or specifically delegated by a user with privileges to 
delegate such privilege. The set of users may include a user, such as a server 
10 administrator, a set of users assigned site creation privileges by the user, and a set of 
users assigned site creation privileges by the set of users assigned site creation 
privileges. 

The number of sites that may be created is unlimited. In an embodiment of 
the present invention, the number of sites that may be created is predetermined to a 
15 maximum number of N sites. The maximum number of sites created versus the 
number of remaining sites that may be created is available to a user, such as a server 
administrator. In an embodiment of the present invention, the creation of a 
maximum number sites precludes the creation of additional sites beyond the 
maximum number. This may disable the availability of create site functionality. 

20 Each site may include selectable options to control accessibility to a site. 

The selectable option includes a site enabled, site preview, a remember me and re- 
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authentication. These options may be selected by administrators, such as site and 
server. The site enabled option may control the publishing of a site and the 
visibility of the site by end-users. The site enabled options overrides standard 
permissions on the site for viewing the site. Site administrators for a site may view 
5 the site despite the setting of the site enabled option. The site preview option may 
be selectable from the administration console. An administrator of multiple sites 
may preview each of the sites in a system context employing an administration site. 
Previewing a site includes an administrator selecting the identity of a user to define 
a perspective from which to preview a site. In an embodiment of the present 
10 invention, the administrator has edit/delete permission over the user whose identity 
is selected. The re-authentication (re-login) option for a site requires a user who has 
already logged to another site in Framework 100 to login to the site that requires re- 
authentication. Once a user has logged into a site with the re-authentication option 
selected, the user will be authenticated for the duration of the session with the site. 
15 In an embodiment of the present invention, a user should remain authenticated 
against all sites in the system that the user was previously authenticated. The 
Remember Me option allows users ids to be stored on their computer. 

The ability of a user to perform administration may be defined by create site 
privileges granted to the user. In an embodiment of the present invention, the 
20 created site privileges may be granted by setting requisite permissions for the user. 
Create site privileges may be granted automatically and by delegation. For 
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example, create site privileges may be granted automatically to the user, such as 
server administrator and a member of a site administration group, upon the 
occurrence of an event, such as installation of the present invention and creation of 
a site. Alternatively, create site privileges may be granted by delegation to the user, 
5 such as delegated administrators and end-users, upon the assignment of create site 
privilege by a user having create site privileges. Sets of users automatically granted 
create site privileges facilitate the maintenance of sites. Site administrators exist for 
as long as the site for which they have create site privileges exists. For example, a 
site administration group is created upon the creation of a site and automatically 
10 receives create site privileges to create a site as well as immediate control over the 
sites functionality, look-and-feel, navigational format, and user membership. This 
group and the members assigned to this group may exist for as long as the site that 
their create site privilege is based upon exists. 

Sites created in Framework 100 may be organized in a tree structure to form 
15 a site hierarchy. A site hierarchy is a group of sites that have a hierarchical 
administrative organization. Administrators of a site may perform administration on 
a sub-site of the site including granting create site privileges to users to create sub- 
sites to the site and can share to site privileges to users to allow sharing objects to 
the site. Privileges granted by a site administrator to users of sub-sites may be 
20 revoked by the site administrator. This type of site creation provides a 
permissioning hierarchy. Fig. 6 illustrates an exemplary embodiment of a site 
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hierarchy, implemented by the present invention. In the Fig. 6 embodiment of the 
present invention, Site A (602a) and site B (602b) are parent sites (top-level site). 
These top-level sites were created by a set of users (604), such as server 
administrators, automatically granted create site privileges upon an event, such as 
5 installation of the present invention. Upon creation of the top level site 602, a set of 
users 606a and 606b, such as members of a site administrator group, were defined 
to maintain the top level sites 602 respectively, were granted create site privileges to 
create sub-sites to the top-level sites 602 and can add /can share to site privileges to 
service objects with sites, such as by storing a reference to an object in the site's 
10 repository directly or indirectly. In the Fig. 6 embodiment of the present invention, 
create site privileges may not be granted by delegation to the set of users 606 or 
other sets of users based on create site privilege of a top-level site 602 by users 604 
or 606. 

Each of the users in the set of users 606a may create a set of sub-sites, such 
15 as site C (608a) and site D (608b), of site 602a. Likewise, each of the users in the 
set of users 606b may create a set of sub-sites, such as site E (608c), of site 602b. 
Upon creation of sub-sites 608, a set of users 610a, 610b and 610c, such as site 
administrators, were defined to maintain sub-sites 608 respectively as well as 
automatically granted create site privileges to create sub-sites to sub-sites 608. In 
20 the Fig. 6 embodiment of the present invention, create site privileges may be 
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granted by delegation to sets of users (not shown) based on create site privilege of 
sub-sites 608 by users, such as 610, having create site privileges for sub-sites 608. 

Each of the users in the set of users 610 may create a set of sub-site, such as 
site F (612), of site 608a. Upon creation of sub-site 612, a set of users 614, such as 
site administrators, were defined to maintain sub-site 612 as well as automatically 
granted create site privileges to create sub-sites to sub-site 612. In the Fig. 6 
embodiment of the present invention, create site privileges may be granted by 
delegation to sets of users (not shown) based on create site privilege of sub-site 612 
by users, such as 614, having create site privileges for sub-sites 612. 

The set of users, such as server administrators, may perform modifying 
systems properties type administration on properties including system module 
display categories, default branding/theme, default module palette set for new sites 
and default security settings. Default security setting include allow self-registration, 
email replacement passwords, allow guest users, force re-authentication and allow 
per-user branding overrides. Default value settings are values that one or more 
permission of all new sites will be given automatically. 

The set of users, such as server administrators, may also perform modifying 
systems properties type administration on properties and objects including 
administrative site branding, dialog pages, error pages and tool modules. 
Administrative site branding includes setting the theme and structure of a site as 
well as enabling child site to override administrative site branding. 
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The mapping created sites to URL type administration may be performed on 
sites created in Framework 100. A site mapping to a URL type administration is an 
association of a particular site with a valid hostname for a server/computer. In an 
embodiment of the present invention, site to URL mappings will be specified in the 
system administration context by, a set of user for a site, such as server 
administrator. Each site in the system can have a set of URL mappings. For 
example, a URL can only be mapped to one site. 

Site to URL mappings specified in a system administration context may be 
overridden by modifying primary site values. In an embodiment of the present 
invention, primary site values are modified employing an administration site for a 
set of users, such as end-users. The administration site may be provided as a form 
for setting primary site values. Fig. 7 depicts an exemplary form for setting primary 
site values according to an embodiment of the present invention. The form 700 
may include a site column 702 and a primary site column 704. The site column 702 
lists sites in Framework 100 accessible (enabled) to a set of users for whom primary 
site settings are being set, and "visible" for an administrative set of users, such as 
site administrators. Primary site column 704 indicates a site designated as a 
primary site from the list of sites in the site column 702. The designation of a 
primary site is optional and may be forgone by designating None. 

A server administrator may optionally select a site as a default site for 
framework 100. In an embodiment of the present invention, a default site is 
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provided whenever a requested URL or IP address is not mapped to a site in 
Framework 100. A server administrator may optionally select wildcard DNS 
behavior for sites. The wildcard DNS option disables site to URL mappings to make 
new sites in the system automatically addressable as http://sitename.domainname. 
5 The domain name, such as "epicentric.com", will be shared by all sites when the 
wildcard DNS option is selected. 

An object of a site may be shared (reused between sites) and made available 
for reuse by another site directly or indirectly. Fig. 8 illustrates an exemplary 
embodiment of object sharing (reuse) between sites employing Framework 500, 

10 implemented by the present invention. In the Fig. 8 embodiment of the present 
invention, various methods are depicted for sharing an object of site A 802 to site B 
804 and site C 814 under system and site administrative contexts. Permissions for 
sharing an object within a site may be set from within a site context and system 
context. Permissions set from a site context will generate a system group in the 

15 source group column for any new permissions added to a Permissions Granted 
table. 

An object may be directly shared with a site in a site context. In an 
embodiment of the present invention, a reference to an object of site A 802 is stored 
in the site repository for site A. The object of site A may be shared directly with 
20 site B 804 through the execution of a share type administration. The share type 
administration may include storing, in the site B repository, a duplicate of the 
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reference to the object. The execution of a share type administration may require 
that the site performing the type administration have can share privileges with 
respects to the site where the object is being shared. This privilege may be granted 
by setting a can share to site B permission for site A 804. Users of site A, such as 
5 site Administrators for site A, may be precluded from viewing the site B repository. 
Users of site A, such as site Administrators for site A, may be notified of objects 
shared as well as allowed to discontinue use of shared objects. The object shared 
may be added to site B through the execution of a share type administration. 

An object may be indirectly shared with a site in a site context. In an 
10 embodiment of the present invention, a reference to an object of site A 802 is stored 
in the site repository for site A. The object of site A 802 may be made available for 
reuse by site B 804, through the execution of a type administration. The type 
administration may include storing, in the section of the shared repository for site B, 
a duplicate of the reference to the object. The object made available for reuse by 
15 site B may be shared with site B by executing another share type administration. 
This share type administration may include storing in the site B repository, a second 
duplicate of the reference to the object site A. The execution of a share type 
administration may require that the site performing the share operation have can 
share privileges for the shared repository. The user performing the share type 
20 administration to share the object to the site may have can add privileges with 
respect to the site where the object is being shared. These privileges may be granted 
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by setting a can share to site B permission for site A 802. Users of site A, such as 
site Administrators for site A, may be precluded from viewing the site B repository. 
Users of site A, such as site Administrators for site A, may be notified of objects 
shared as well as allowed to discontinue the availability of objects for reuse that 
they transferred. The object shared may be added to site B through the execution of 
a share type administration. 

In an embodiment of the present invention, a reference to an object of site A 
802 is stored in the site repository for site A. The object of site A 702 may be 
shared indirectly or made available for reuse by site B 804, through the execution of 
a share type administration. The share type administration may include storing, in a 
system repository, a reference to the object of site A. The object made available for 
reuse by site B may be shared with site B by executing another share type 
administration. This share type administration may include storing in the site B 
repository, a second duplicate of the reference to the object for the object of site A. 
The execution of a share type administration may require that the site performing 
the share type administration have can share to system privileges with respects to 
the system repository. The user performing the share type administration to add the 
object to the site may have can see shared privileges with respects to the site where 
the object is being added. This privilege may be granted by setting a can share to 
site B permission for site A 804. Users of site A, such as site Administrators for 
site A, may be precluded from viewing the site B section of the shared repository. 
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Users of site A, such as site Administrators for site A, may be notified of objects 
shared as well as allowed to discontinue the availability of objects for reuse that 
they transferred. The object shared may be added to site B through the execution of 
a share type administration. 

An object shared to a first site may be further directly shared to another site 
by the first site. In an embodiment of the present invention, a duplicate reference to 
an object of site A 802 is stored in the site repository for site B. The object whose 
duplicate reference is stored in the site B repository of site B may be shared directly 
with site C 814 through the execution of a share type administration. The share 
type administration may include storing, in the site C repository 816, another 
duplicate of the reference to the object. The execution of a share type administration 
may require that the site performing the type administration have can share 
privileges with respects to the site where the object is being shared. This privilege 
may be granted by setting a can share to site C permission for site B. Users of site B 
and site A, such as site Administrators for site A and site B, may be precluded from 
viewing the site C repository 816. Users of site A and site B, such as site 
Administrators for site A and site B, may be notified of objects shared as well as 
allowed to discontinue use of shared objects. The object shared may be added to site 
C 814 through the execution of a share type administration. 

An object share to a first site may be further indirectly shared with another 
site by the first site in a site context. In an embodiment of the present invention, a 
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duplicate reference to an object of site A 802 is stored in the site repository for site 
B. The object of site A 802, whose duplicate reference is stored in the site 
repository of site B, may be made available for reuse by site C 814, through the 
execution of a type administration. The type administration may include storing, in 
the section of the shared repository for site C 814, a duplicate of the reference to the 
object. The object made available for reuse by site C may be shared with site C by 
executing another share type administration. This share type administration may 
include storing in the site C repository, a second duplicate of the reference to the 
object site A. The execution of a share type administration may require that the site 
performing the share operation have can share privileges for the shared repository. 
The user performing the share type administration to share the object to the site may 
have can add privileges with respect to the site where the object is being shared. 
These privileges may be granted by setting a can share to site C permission for site 
B 804. Users of site A and site B, such as site Administrators for site A and site B, 
may be precluded from viewing the site B repository. Users of site A and site B, 
such as site Administrators for site A and site B, may be notified of objects shared 
as well as allowed to discontinue the availability of objects for reuse that they 
transferred. The object shared may be added to site C through the execution of a 
share type administration. 

In an embodiment of the present invention, an object of site A 802, whose 
duplicate reference is stored in the site repository for site B, may be shared 
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indirectly or made available for reuse by site C 814, through the execution of a 
share type administration. The share type administration may include storing, in a 
system repository, a duplicate reference to the object of site A. The object made 
available for reuse by site C may be shared with site C by executing another share 
type administration. This share type administration may include storing in the site 
C repository, a second duplicate of the reference to the object for the object of site 
A. The execution of a share type administration may require that the site 
performing the share type administration have can share to system privileges with 
respects to the system repository. The user performing the share type 
administration to add the object to the site may have can see shared privileges with 
respects to the site where the object is being added. This privilege may be granted 
by setting a can share to site C permission for site B 804. Users of site A and site B, 
may be precluded from viewing the site C section of the shared repository. Users of 
site A and site B may be notified of objects shared as well as allowed to discontinue 
the availability of objects for reuse that they transferred. The object shared may be 
added to site C through the execution of a share type administration. 

Once a reference to an object has been stored to either the site repository of a 
site or the section of the shared repository of a site, a user of the site having can 
share privileges for another site may make available for reuse or share any one of 
the objects to the other site. This chain of reuse may be performed by any user 
granted can share privileges and having a shared object associated with a site in 
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which they administer. In an embodiment of the present invention, objects in a 
chain of transfer will remain read-only. 

An object shared or made available to a site may be made unavailable and 
unshared from the site. In an embodiment of the present invention, an object shared 
or made available to a site may be unshared and made unavailable for reuse, 
respectively, through the execution of a share type administration. The share type 
administration may include removing a reference to the object from a repository. 
The repository may be a repository of the site, a share repository and a systems 
repository. For example, site A may discontinue the availability of objects 
transferred to site B for reuse by site A. The availability of objects for reuse by a 
site and sharing of objects may be discontinued despite the can add privileges of a 
site. For example, availability of an object is discontinued by executing a share 
type administration to remove a reference to an object from a section of a shared 
repository for a site, even when the reference to the object has been stored in the 
site repository for the site. The adding of objects to a site, making of objects 
available for reuse by a site, sharing of objects, making of objects unavailable and 
unsharing of objects has no effect on administrative privileges granted to users and 
groups for the objects. 

In an embodiment of the present invention, objects shared, made available 
for reuse, added to a site, made unavailable for reuse and unshared may include 
compound objects. Compound objects, for the purposes of the present invention, 
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are objects that include child objects that are structured in a hierarchy. Compound 
objects include sites, menus, and pages. A site compound object includes, but is not 
limited to, a site, menus, pages and modules. For example, a site includes menus, 
the menus include pages and the pages include modules. A menu compound object 
includes, but is not limited to, a menu, pages and modules. A page compound 
object includes, but is not limited to, a page and modules. 

In an embodiment of the present invention, menus, pages and modules are 
the compound objects that may be shared recursively. Recursive sharing includes 
storing a reference to each child object of a compound object when a reference to 
the compound object is stored in a repository. For example, sharing a page 
including three modules to a site includes storing a reference to the page in the 
repository for the site as well as references to each of the three modules. In an 
embodiment of the present invention, compound objects may be shared and made 
available for reuse without each child object of the compound object when a 
reference to the compound object is stored to a repository. For example, sharing a 
page including three modules to a site, but only sharing the page with two modules, 
includes storing a reference to the page in the repository for the site as well as 
references to two modules. 

In an embodiment of the present invention, child objects whose reference are 
not stored with their respective compound object will not appear with the compound 
object when the compound object is added to the site. For example, a menu shared 
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with some of the pages that the menu points to, but not all of them, will appear with 
broken links on the menu when the menu is added to the site. Child objects not 
shared may be obtained for addition to the site in another manner. For example, the 
broken links of the menu may be customized by obtaining the non-shared pages 
5 elsewhere on Framework 100 or different pages in accordance with edit privileges 
that are granted over the menu. In an embodiment of the present invention, sharing 
a compound object with a site, making a compound object available for reuse by a 
site and adding a compound object for use by a site includes determining whether 
the compound object is in a site repository for a site and determining whether the 
£i 10 user has end-user enabled permission on the compound object. 



«5 



y 



A compound object made available for reuse by a site, shared to a site, and 
added to a site may be made unavailable and unshared from the site. In an 
W embodiment of the present invention, a compound object shared or made available 

to a site may be unshared and made unavailable for reuse, respectively, through the 
15 execution of a share type administration. The share type administration may 
include removing a reference to the compound object as well as references to all 
child objects from a repository. For example, a page with three modules made 
unavailable for reuse includes removing reference to the page and the reference to 
the three modules from the repository. In an embodiment of the present invention, 
20 the removal of references to objects from a repository of objects added to a site 
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removes the objects from the site. Child objects not shared, but obtained elsewhere, 
will remain available for sharing. 

User groups may be shared between sites. In an embodiment of the present 
invention, user group objects shared with a site are shared as read-only. The site 
that the user group object are shared with will not be able to add users to, or delete 
users from, this group. Permission for this group will not be modifiable. A set of 
users for the site may be granted privileges to modify the permissions for the group. 

An object that references and uses other objects may be made available for 
reuse by a site, shared to a site and added to a site. The object may be made 
available, shared and added to a site through the execution of a share type 
administration. The share type administration may be a simple share and a 
compound share. Fig. 9 is an exemplary table illustrating objects and the objects 
they may reference and use. In a simple share type administration, a reference to the 
object that references other objects is stored in a repository. In a compound share 
type administration references to the object that references other objects and 
reference to the other objects are stored in a repository. 

Permissions can be inherited via group hierarchy, shares can also be 
inherited via group hierarchy. This doesn't mean that shared objects will appear in 
multiple repositories according to hierarchy. It means that a site administrator who 
is higher up in the hierarchy than two other site administrator groups will be able to 
see and manipulate not only his/her own shares, but his/her child group's shares. 
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Sites may be configured to have a specific look-and-feel. The look-and-feel 
of a site is referred to, for purposes of the present invention, as the branding for the 
site. Objects in a site that may have branding include pages of a site and 
navigational elements of a site. Branding may include a theme and a structure. A 
theme may be a collection of styles on a page of a site. Branding for a site may be 
determined, in part, by associating a theme with the site. Each style in the 
collection of styles may pertain to a particular template (element). A set of styles, 
one for each of the element, may be grouped together to form a single theme. A 
server administrator may specify the branding for a site, including an administration 
site. 

In an embodiment of the present invention, a theme is a permissionable and 
sharable object in a site. Each theme may include a system set of colors and fonts 
when first created. System color and font settings are displayed in the system 
context. Sever administrators can add additional color and font settings to themes. 
The additional color and font settings may be overridden for each theme on 
framework 100. End users may override font and color settings with their own 
settings on sites that apply a font/color option. A font/color option for a site may 
enable end users to override system font and color setting with their own fonts and 
colors for that particular site. 

In an embodiment of the present invention, a style is a JSP code fragment 
that controls the way a particular element is displayed. Any number of different 
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styles may be used to display an element. Styles may be provided as style objects 
in administrative sites. In an embodiment of the present invention, style objects are 
permissionable objects that can be shared between sites. Elements include, but are 
not limited to, a chrome, a footer, a header, navigation (site controls) and tabs 
(navigation). The chrome includes elements that surround the actual content of a 
module. For example, a module title, as well as, edit, minimize, and delete buttons 
are all part of the module chrome. The header includes content that typically 
appears at the top of a page. The site controls include buttons, links, or other 
elements for navigating to web pages that support other site features (such as user 
personalization pages). Site controls may be available in both horizontal and 
vertical configurations. Navigation includes navigational elements for switching 
between front-door pages of a site. Navigation may be available in both horizontal 
and vertical configurations. 

In an embodiment of the present invention, a structure may be the layout of 
elements on a page of a site. A structure may be a JSP code segment that defines 
the arrangement (look and feel) of elements on a particular page. A structure may 
contain hard-coded custom look-and-feel logic (HTML and/or JSP). In an 
embodiment of the present invention, structures are permissionable objects that can 
be shared across between sites. 

The types of branding employable by a site includes a site default branding, 
an installation default branding and a guest branding. Guest branding includes a 
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theme and structure that may be provided to a guest user by a site allowing access to 
unauthenticated (not logged in) users. A guest user module set may be employed for 
each page in order to specify modules available to the guest users. Each guest user 
module set may be provided on an administrator site for a site. An administrator 
may modify a guest user module set for a page that the administrator has can 
edit/delete privileges defined by can edit/delete permission for the page. 

Default branding includes a theme and structure automatically specified for a 
site when the site is created. Default branding may be employed in a site allowing 
access by UN-authenticated users where guest branding is not specified. The default 
branding for a site may be overridden by a site administrator of the site. Overriding 
default branding may be performed by specifying a new theme and a new structure 
for the site. Overriding of default branding includes brand for menu items on a site. 
A higher level chrome branding may be overridden by specifying a chrome within a 
site as the new chrome for the site. Installation default branding includes a theme 
and structure specified for a site without default site branding. 

The branding of navigational elements for a page of a site may include a 
structure. In an embodiment of the present invention, the structure of navigational 
elements includes one set of navigation elements, two sets of navigational elements, 
and grouping of different navigation levels into two sets. Site navigation elements 
may include any number of navigation levels. Figs. 10-11 are exemplary 
embodiments of multi-level navigational configurations. In the Fig. 10 embodiment 
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of the present invention, a three level navigational menu 1000 is depicted with 
level- 1 1002, level-2 1004 and level-3 1006 each configured horizontally. In the 
Fig. 11 embodiment of the present invention, a three level navigational menu 1100 
is depicted with level- 1 1102 and level-2 1104 each configured horizontally and 
level-3 vertically 1106. 

The structure component of a branding may contain two distinct navigation 
elements. One of the two distinct navigation elements may render one set of menus 
on a page and the second of the two navigation elements may render a second set of 
menus on a page, as will be discussed in detail herein below. The structure 
component determines the set of menus rendered by a navigation element. A site 
administrator may specify the menu levels to be rendered by a plurality of 
navigational elements in a site having a plurality of menu levels. 

For example, in circumstances involving two navigation elements, a site 
administrator may specify the first and second menu levels to render employing a 
first navigation element and the third level through the fifth level to render 
employing a second navigation element. The first navigation element will render 
menu levels 1-2 and the second navigation element will render menu levels 3-5. 
Alternatively, a site administrator may specify the menu levels to render employing 
a navigational element in a site having a plurality of menu levels. For example, in 
circumstances involving one navigation element, a site administrator may specify 
the second menu level to render employing by the navigational element, when a 

55 



OurRef.No. 19312.0020 



PATENT 



first menu level is grouped in a first subset and the remaining levels are grouped in 
a second subset. The navigational element will render the second menu level and 
the remaining levels in the second subset. 

Branding may be included on an administration site. The branding on an 
5 administration site may be specified in a system context of an administration site. 
Server administrators may set the branding for the administration site. There may 
be an "allow referring sites to override admin site branding" option, which is a 
system-wide setting that controls whether or not the administration site's look-and- 
feel will change based on a referring site's look-and-feel. The sub-section of the 
10 system admin site that controls these branding settings must ALWAYS be 
accessible in the event that the admin site's branding fails for some reason. (The 
"Diag" sub-section should also always be accessible, regardless of potential 
branding deployment problems.) 

Fig. 12 is an exemplary diagram illustrating deployment management for 
15 importing and exporting components of a site between portals employed by 
framework 100. Deployment management may be implemented by a deployment 
management API 1202 within software 314. Deployment management may include 
importing and exporting components of a site. Components of a site may include 
assets of objects in association with the site, such as modules as well as elements 
20 that define the look, feel and navigation. Assets of an object include non-file assets 
and file assets. 



OurRef.No, 19312.0020 



PATENT 



A component may be exported through a deployment type administration. 
Deployment type administration to export a component may include designating a 
component for export employing a graphical user interface. An administration site 
may provide the graphical user interface. In an embodiment of the present 
invention, multiple components may be simultaneously designated for export 
including, but not limited to, components corresponding to an entire site. 
Components may be exported between systems over a network 1204 employing 
techniques to transfer files, such as FTP. In an embodiment of the present 
invention, components may be exported between systems by transfer to a computer 
readable medium. 

Deployment management API may employ a set of subsystems 1206 for a 
site. Each of the subsystems is configured to manage a type of component 
associated with the site. In the Fig 12 embodiment of the present invention, the set 
of subsystems for a site includes a site subsystem, a module subsystem, a template 
subsystem and a style subsystem. Deployment management API may query 
subsystems to identify components. A subsystem may identify components for 
which the subsystem is configured to manage. For example, module subsystem may 
be queried to identify modules that have been associated with the particular site. 

Each subsystem may collect assets, such as file assets and non-file assets, of 
each component they identified. In an embodiment of the present invention, the 
non-file assets may be constructed as an extensible markup language fragment, such 
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as an XML fragment, having a predetermined structure. The extensible markup 
language fragment may contain the descriptor ID of identified components and the 
ID of the subsystem that identified the component. In an embodiment of the present 
invention, each subsystem collects the extensible markup language and the file 
assets for the components they identified. In an embodiment of the present 
invention, the extensible markup language and file assets collected by each 
subsystem are grouped together. 

The extensible markup language and the file assets collected by a subsystem 
may be stored as an individual file. Fig. 13 depicts an exemplary collection of 
extensible markup language 1302 and the file 1304 assets stored as individual 
export files. The individual export files may be component archive (CAR) files 
1306. In the Fig. 12 embodiment of the present invention, CAR files may include a 
page CAR file, a module CAR file and a menu CAR file. Individual CAR files may 
be collected and stored as a group export file. In an embodiment of the present 
invention, the group export file (TRUCK) 1308 is a file ready for transport in a zip 
format. Export files may be transmitted over a network to a remote system 
employing a file transfer protocol, such as FTP. In an embodiment of the present 
invention, export files may be transferred employing a computer readable medium. 

Export files may be imported by a remote system. The export files may be 
imported through a deployment type administration. Deployment type 
administration may include designating an export file employing a graphical user 
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interface provided by an administrative site. The export file may be any one of a 
CAR file or a TRUCK file. In an embodiment of the present invention, designation 
of a TRUCK file generates the extraction of each CAR file in a TRUCK file. 
Extensible markup language for each CAR file may be examined to determine 
descriptor IDs included within the extensible markup language. Based on the 
descriptor IDs, components may be identified. The components may be extracted to 
the appropriate location in a file system of the portal. The XML fragment is then 
parsed and the objects contained therein are instantiated in the database or other 
relevant location. 

Navigation within a site may be hierarchical where a navigable item contains 
a navigable item. Navigable items include a page, a site, a uniform resource 
locator, a navigation level and a JSP include file. Navigation within a site may be an 
arbitrary hierarchical ordering of menu items that are arranged into distinct levels. 
A site navigation for a site may grow or shrink arbitrarily. The growth and 
shrinkage of a site navigation is dependent on the construction of the site navigation 
by an administrator, such as site or server. For example, an administrator may 
construct a site navigation with 2 items but may modify the site navigation to 3 
items. In an embodiment of the present invention, each menu item is a navigable 
link to any one of the navigable items. 

A navigable link may be associated with a title. In an embodiment of the 
present invention, each menu item is associated with one link and title despite the 
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location of the menu item. A site navigation definition may be associated with each 
menu item. Fig. 14 illustrates menu items of menus with link titles for menu items 
definitions. In the Fig. 14 embodiment of the present invention, menu items 1402 
may link the user to the navigable item as specified by navigation definitions 1404. 
The menu item types include, but are not limited to, link-out type menu items and 
contained type menu items. In an embodiment of the present invention, a link-out 
menu item is one in which the link that is specified causes a redirect out of a 
particular site. For example, menu items that refer to URLs or other sites are link- 
out menu items. In an embodiment of the present invention, a contained menu item 
is one in which the link that is specified navigates to a page within the site. For 
example, a menu item containing a link to a page or a JSP include file is a contained 
menu item. Contained menu items cause a page within a site to be displayed. So 
contained menu items are the only kind of menu items that can be branded. 

Site navigation may be edited through an edit navigation type administration. 
A site administrator having can edit site navigation privileges for the site employing 
the site navigation may perform the edit navigation type administration. The site 
administrator may be granted the privilege by having the can edit site navigation 
permissions set. Segments of a site navigation may be captured as a menu object. 
A menu object is a permissionable and sharable object. Fig. 15 illustrates a segment 
of a site navigation captured as a menu object. In the embodiment of Fig. 15 of the 
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present invention, a segment 1502 of site navigation 1500 is selected. The selected 
segment may be saved as a menu object. 

Returning briefly to Fig. 14. The segment of site navigation may be selected 
employing radial button 1406. Selection of a radial button selects the menu item 
and sub-menu items for the menu item as the segment. The menu object may be 
shared, made available and added to other sites in the system in order to recreate the 
segment of the site navigation on the other sites as a menu of part of a menu. In an 
embodiment of the present invention, pages referenced by a menu object shared to a 
site are also shared to the site. Modification to a site navigation employing the 
menu object may not effect the segment of the site navigation from which the menu 
object originated. 

As a permissionable object a menu object may be enabled or disabled based 
on privileges granted a group viewing the site employing the menu object. In an 
embodiment of the present invention, menu items are modified based on the 
privileges granted to the group to which a user is a member. In an embodiment of 
the present invention, a menu item contained within a menu provides permissioning 
in a site context. Permissions for a menu item may include can edit per-site 
visibility and can edit settings. Visible permission over a menu may grant a site 
administrator privileges to use that menu in a site navigation. Edit/delete 
permission may grant an administrator privileges to arbitrarily edit or delete the 
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menu. Can Edit Per-Site Branding permission is a per-site privilege that may allow 
an admin to override the per-site branding on menu items contained in the menu. 

The algorithm employed to render menus of a site may be selected through a 
menu presentation type administration. The algorithms to render a menu include a 
combined and an exclusive. In an embodiment of the present invention, the default 
mode for rendering menus employs the combined algorithm. A site administrator 
having privilege to edit menu presentation mode for a site may perform the 
selection of the algorithm employed by the site. Fig. 16a illustrates a table for 
implementing the combined algorithm. In the Fig. 16a embodiment of the present 
invention, the combined algorithm provides a user access to menus based on the 
privileges granted to the user due to membership in groups. In the embodiment of 
Fig. 16a, table 1600a includes menu items 1602a-1602e and groups including an 
everyone group 1604, a sales group 1606, a marketing group 1608 and an 
engineering group 1610 for a site. Application of the Combined algorithm to a user 
having membership in the sales group 1606 and a marketing group 1608 provides 
the user with access to Menu Items 1602a- 1602c and 1602d. As a result of all users 
in framework 100 being members of the everyone group, the user is provided access 
to menu items 1602a- 1602b. 

Fig. 16b illustrates a table for implementing the exclusive algorithm. Fig. 
16b is best understood when viewed in combination with Fig. 16a. In the Fig. 16b 
embodiment of the present invention, the exclusive algorithm provides a user access 
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to menus based on a priority level assigned to groups by a site administrator. In the 
embodiment of 16b, table 1600b includes groups 1606-1610 that have been 
assigned priority levels, where the menu item for the engineering group 1610 has 
priority over menu items for both marketing group 1608 and sales group 1606 and 
marketing group 1608 has priority over sales group 1606. Application of the 
exclusive algorithm to a user having membership in the engineering group 1610 and 
the sales group 1606 provides the user with access to menu items 1602a-1602b and 
1602d illustrated in Fig. 16a. In an embodiment of the present invention, menu 
items enabled for the everyone group are provided to all users for access and the 
menu item for the group having the highest priority to which the users is a member 
is also provided. 

A site navigation for a site may use any number of menus. The site 
administrator of a site employing menus in its site navigation can select one of the 
menus as a top level locking menu. Fig. 17 depicts an exemplary embodiment of a 
top level locking interface. In the Fig. 17 embodiment of the present invention, the 
top level locking interface includes drop down menu 1702 and radial buttons 1704. 
Drop down menu 1702 may provide an administrator with menus of a site. Radial 
button may provide an administrator with the ability to specify where the menu 
selected by drop down menu 1702 may be locked. A Menu may be locked to the 
beginning, the end as well as the end and beginning of the top level for a site 
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navigation. Locking at both the beginning and the end of the top level means that 
the first level of navigation will be comprised solely of this menu. 

Fig. 18 depicts an exemplary embodiment of a front door page of an end user 
site employing menuing structures according to the present invention. In the Fig. 
18 embodiment of the present invention, front door page 1800 employs a control 
menu system 1802 and site navigation menu system 1808. Control menus system 
include, but are not limited to, site controls 1804 and page controls 1806. Site 
controls 1804 may be rendered by a site controls style. Site controls 1804 may 
include links to pages, such as Front Door and My Account. Page controls 1806 
may be rendered by a page controls style. Page controls 1806 may include links to 
pages, such as add and move, and any other page-aware end-user pages except the 
front door. Site navigation 1808 may be rendered by one or more site navigation 
styles. Site navigation 1808 styles may include navigation links to Pages and JSP 
pages including files. The state of any particular page can be defined at any time by 
parameters including a selected control menu tab and a selected navigation menu 
item. The selected control menu tab defines which control menu tab is selected. 
The selected navigation menu item defines which site navigation menu item is 
selected. 

Fig. 19 depicts the rules determining the operation of the control menu 
system and a site navigation system according to an embodiment of the present 
invention. In the embodiment of Fig. 19, the page controls menu is rendered if the 

64 



OurRef.No. 19312.0020 



PATENT 



selected navigation menu item refers to the content type page. The page content of 
a page may be determined by the selected control menu tab. In an embodiment of 
the present invention, the Page Content of the page is determined by the Selected 
Navigation Menu Item when the selected control menu tab has a link type front 
door. The branding of a page may be determined by the Selected Navigation Menu 
Item. In an embodiment of the present invention, selection of a menu item from 
the Page Control menu followed by selection of a menu item from the Site 
Navigation Menu not linked to a Page object automatically selects the Front Door 
link on the Site Control Menu. The content associated with a Menu Item is 
displayed in the Page Content area based on the menu item selected on the site 
navigation menu. 

An object of a site may be locked down to prevent modification of the 
object. The object may be locked down through the execution of a share type 
administration. In an embodiment of the present invention, users having privilege 
to lock down objects include a server administrator and a delegate administrator. 
For example, the site administrator is able to lock down the number and order of 
pages in the site and most of the modules for each page except the first. The Site 
Administrators for the site, who are employees of another company, are able to 
change the site's branding and create several new modules from building blocks to 
go on the first page, but not the remaining pages. 
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End users may navigate through a site employing a site navigation tree. In 
an embodiment of the present invention, end user will see items on the navigation 
tree they have been allowed to see. The end user may navigate to the given page 
from a navigation tree. In an embodiment of the present invention, the end user will 
see the module instances they have been granted privileges to see once the end user 
has reached a page. The privileges granted to an end user may be based on 
permission associated with each module instance and menu item for the site. The 
permissions may include a system level permission and an access permission for the 
site. In an embodiment of the present invention, only one of these has to be true for 
the end user to see the instance or item. 

Figs. 20a-20b are exemplary illustrations of consoles according to an 
embodiment of the present invention. In the Fig. 20a embodiment of the present 
invention, a server console 2002 is depicted. The server console may be employed 
by a server administrator to perform administration on a systems context as 
discussed above. In the Fig. 20b embodiment of the present invention, a site console 
2004 is depicted. The site console may be employed by a server administrator to 
perform administration on a site context as discussed above. The site console 
includes 

While specific embodiments of the present invention have been illustrated 
and described, it will be understood by those having ordinary skill in the art that 
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changes may be made to those embodiments without departing from the spirit and 
scope of the invention. 
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